[Bro] Where are the log files when DNS monitoring ran by cli ?
jdonnelly at dyn.com
Wed Oct 22 07:28:54 PDT 2014
Bingo - the dns.log is in the cwd !
Q answered !
On Wed, Oct 22, 2014 at 9:26 AM, Seth Hall <seth at icir.org> wrote:
> On Oct 22, 2014, at 9:42 AM, John Donnelly <jdonnelly at dyn.com> wrote:
> > No changes made to broctl.cfg !
> > I am running bro outside of broctl .. are those setting read by bro
> during startup ?
> I'm confused. You first said that you weren't getting logs when you ran
> Bro outside of BroControl but then you said you were getting logs when you
> ran Bro with BroControl.
> If you run bro directly at the command line, it won't load any of the
> broctl scripts or implement any of the broctl configuration. You are
> almost certainly seeing invalid checksums on one of the interfaces you're
> sniffing. If you want to see if that's it, you could temporarily disable
> checksum checking with the -C flag on the command line. I don't recommend
> running with that configuration for normal use though.
> It seemed like you were also confused about where logs would be written
> when running bro directly. They should be written to your current working
> directory by default. :)
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro